4 matches found
openSUSE 10 Security Update : asterisk (asterisk-5062)
Attackers could bypass host based authentication by using a valid username CVE-2007-6430 Attackers could inject SQL commands under certain circumstances if 'cdrpgsql' was used CVE-2007-6170 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2007-6430
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations "realtime" and host-based authentication, does not check the IP address when the username is correct and there is no...
CVE-2007-6430
CVE-2007-6430 affects Asterisk Open Source 1.2.x (before 1.2.26), 1.4.x (before 1.4.16), and Business Edition B.x.x (before B.2.3.6) and C.x.x (before C.1.0-beta8). The issue is that when using realtime (database-based registrations) and host-based authentication, the system does not check the IP...
AST-2007-027 - Database matching order permits host-based authentication to be ignored
Asterisk Project Security Advisory - AST-2007-027 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Database matching order permits host-based | | | authenticatio...